backtop


Print 41 comment(s) - last by bbomb.. on Aug 8 at 11:15 PM


Screen capture from AOL's website before it was taken down -- Image courtesy Texturabtion
AOL does the unthinkable

AOL grabbed headlines last week when it announced that it was making its online services freely available to anyone with Internet access. Today, the company is making news for what is an inexplicable turn of events. The company freely made available the private search history of over 650,000 users without permission. The 439MB compressed download features over 20 million search queries over a three month period and was made available on AOL's research website along with a readme file detailing the results. In an effort to ease damage control, AOL has removed both links, but mirrors for both search data and the AOL readme (for better or worse) are mirrored at multiple sites.

The vast amount of data included in these search queries is staggering and the possibilities for abuse are endless. TechCrunch reports:

AOL has released very private data about its users without their permission. While the AOL username has been changed to a random ID number, the ability to analyze all searches by a single user will often lead people to easily determine who the user is, and what they are up to. The data includes personal names, addresses, social security numbers and everything else someone might type into a search box. The most serious problem is the fact that many people often search on their own name, or those of their friends and family, to see what information is available about them on the net. Combine these ego searches with porn queries and you have a serious embarrassment. Combine them with “buy ecstasy” and you have evidence of a crime. Combine it with an address, social security number, etc., and you have an identity theft waiting to happen.

It’s one thing to make private search data available to the federal government upon request (and even that has been widely debated over the past eight months), but to make it freely available from a public website is downright malicious. It’d be interesting to see what AOL’s response to this whole fiasco will be.



Comments     Threshold


This article is over a month old, voting and posting comments is disabled

Just curious..
By rocchioo on 8/7/2006 3:16:36 PM , Rating: 2
...do any of you plan to download the AOL search list?




RE: Just curious..
By Chalmus on 8/7/2006 4:17:50 PM , Rating: 2
Already did. Pretty interesting stuff to say the least.

I LOL'd at my desk at work when I was reading through one person's search history in particular -- there were all these searches for porn (and it shows the site they ended up going to, and yes, he went to a LOT of sites), software cracks, free downloads, MP3s, all kinds of that sort of thing.

Then, at the end of the list of searches, the poor sap searched for "how to get rid of adware"

ROFL, well, what do you expect from going to all those other sites?


RE: Just curious..
By Chalmus on 8/7/2006 4:23:49 PM , Rating: 2
Oh yeah, and anyone who says that this isn't personal information, that this is the same as the phonebook, please, download the file and look at what is there and then say that again with a straight face. Seriously. Do it.

There are search histories that will give you chills (suicide help, how to cope with the loss of children/parents/siblings, and just tons of astounding things) that also contain enough information that it wouldn't be impossible to figure out who it was searching for that stuff.

This is not a small matter.


RE: Just curious..
By masher2 (blog) on 8/7/2006 4:49:40 PM , Rating: 2
> "that also contain enough information that it wouldn't be impossible to figure out who it was searching for that stuff."

Then do so. Pick a user, and tell us who they are. I think you'll find out its not nearly as easy as you believe.


RE: Just curious..
By Chalmus on 8/7/2006 4:57:31 PM , Rating: 2
There is no financial or any other benefit to me doing that, and with 20 million+ queries to sort through, then I guess you just proved me wrong that I cannot give a name, address, SSN, or whatever on any particular member in the list.

But if you think that there aren't scammers and thieves working on getting that personal information out of that list as we type, and that they will not be able to retrieve anything of use out of the list, you are not the poster that I came to respect.

Have you looked at the list?


RE: Just curious..
By Lifted on 8/7/2006 5:03:31 PM , Rating: 2
I have, and the possibility of scumbags being able to blackmail people is there.


RE: Just curious..
By masher2 (blog) on 8/7/2006 5:11:04 PM , Rating: 2
> "Have you looked at the list? "

I have. Certainly there is "information of value" in there. Quite probably information of value to a thief or scammer. But is the data "personally identifiable"? That's a horse of a different color. I found quite a few searches for my surname, just in the first of the 10 files....and I can guarantee you none of those queries were from me. Even if you saw a search for an exact name and address...does it prove that particular person did the searching? Or just that someone searched for them?



RE: Just curious..
By mindless1 on 8/8/2006 4:26:03 PM , Rating: 2
Maybe, just maybe people looking to harvest lists, had already started doing so and this list ties in with a lot of OTHER data. WHile that'd be a daunting task by hand, thanks to the computer age it might only harvest a few names but would that be a consolation to one of those people?


RE: Just curious..
By rocchioo on 8/7/2006 5:08:40 PM , Rating: 2
I'm user 6497.


A little over board
By OrSin on 8/7/2006 12:04:32 PM , Rating: 2
This is tarting to sound like Tom's forums. This is way over baord. The user name is not give nor is any person information about the user. He trying to make you think becuase someone might lookup thier own name that that alone is eoungh to find some one. Guess what most users that look thier own name will lookup 30 others as well. Most people did thier own name lookup about 5 years ago, now thye search for everything else. The article is perfect example of how the media runs with something in the worng direction. And guess what if it was so bad then why link to the mirror sites.




RE: A little over board
By masher2 (blog) on 8/7/2006 12:12:26 PM , Rating: 2
> "And...if it was so bad then why link to the mirror sites [?]"

I found that most amusing of all. A holier-than-thou attitude, right next to a direct link to the data itself. What a way to have your cake and eat it too.


RE: A little over board
By Atrye on 8/7/2006 12:57:45 PM , Rating: 2
hah, yes.. But has anyone considered the possibility that someone inside AOL may have done this without any approval?


RE: A little over board
By dagamer34 on 8/7/2006 1:13:53 PM , Rating: 2
People often search their name and addresses near them. Each AOL ID is randomized, but it stays the same for every search query the user made.

In otherwords, it's pretty easy to figure out some people's names. I'm pretty sure this violates a couple of laws, and is the primary reason why people don't agree that anyone should be keeping tabs like this, even the government to an extent.


RE: A little over board
By RamarC on 8/7/2006 3:38:07 PM , Rating: 1
quote:
People often search their name and addresses near them.

I often search for restaurants. Does that mean I'm CafeOle@aol.com

quote:
Each AOL ID is randomized, but it stays the same for every search query the user made. In otherwords, it's pretty easy to figure out some people's names.

23,456 out of 12,234,123 is easy to figure out?

quote:
I'm pretty sure this violates a couple of laws, and is the primary reason why people don't agree that anyone should be keeping tabs like this, even the government to an extent.

I'm often pretty sure the guy I'm playing poker with isn't holding a queen. I'll tell you from experience, pretty sure don't mean diddly.

If ANY company you deal with has data that involves your habits, it is perfectly LEGAL for them to use and sell that data so long as you cannot be identified from the data and the company has issued and properly maintained legalese informing you of that fact.

Credit card issuer(s) make(s) a boatload of money from selling purchase histories (and have done so for decades ). Retailers analyze their sales register receipts (which includes the CC transaction number) scrupulously to detect patterns and profiles. I'll bet some local retailer knows what type of movies/dvds/games you like. I'll definitely bet a certain cashier knows what type of beer or soda you prefer.

My point is this: you are not now, nor have you ever been completely anonymous. The thing you're reading this on and typing a reply on is what has caused your level of anonymity to decline but it is not the cause of it.

Most folks names, addresses, and phone numbers and in a book that gets sent to most other folks in their vicinity. Should the phone company be sued for the utter invasion of privacy that is the 'white pages'?


RE: A little over board
By mindless1 on 8/8/2006 3:41:59 PM , Rating: 2
You miss the entire point, that information does't NECESSARILY have to be correctly interpreted, let alone true, to be used against you. A very very large part of mitigating the effect is not prevention but LIMITATION in access to the information.

So what if some somebody can find some tidbit? That's a lot different than a goldmine large enough to make a systematic harvesting worthwhile for someone with ill intentions.


RE: A little over board
By Bonesdad on 8/7/2006 3:31:32 PM , Rating: 2
oh god, here we go again..."it's the media's fault that so many people suck". AOL bears sole responsibility for this unforgiveable act. Any real American can see that.


RE: A little over board
By smitty3268 on 8/7/2006 3:55:19 PM , Rating: 2
It may be a bit overboard, but this is pretty darn bad. If you're so sure it isn't, how about you post every single search query you've made in the past year here, and the rest of us will look over it and try to figure out everything we can about you. We could make it a little game, and perhaps you could give out a $50 prize to anyone who managed to dig up your personal phone number and give you a call. ???


TechCrunch
By AppaYipYip on 8/7/2006 12:58:57 PM , Rating: 2
Researching "buy ecstacy" is not evidence of a crime.




RE: TechCrunch
By R Nilla on 8/7/2006 1:21:16 PM , Rating: 2
what you just typed constitutes a crime. I will be reporting this to the proper authorities...


RE: TechCrunch
By smitty3268 on 8/7/2006 5:08:14 PM , Rating: 2
These days it is probably enough for a search warrant though.


RE: TechCrunch
By filibusterman on 8/7/2006 6:16:48 PM , Rating: 2
The US government no longer needs search warrents because of the Patriot act 2 legislation, after all only terrists sell drugs so homeland security has the right to investigate


RE: TechCrunch
By The Boston Dangler on 8/7/2006 7:32:49 PM , Rating: 2
1984 is proving to be an ever-more accurate prophecy. Just my observation.


I hope this sinks AOL
By Rage187 on 8/7/2006 11:53:07 AM , Rating: 2
This could easily be the end of AOL after all the lawsuits. Good riddance




RE: I hope this sinks AOL
By Rike on 8/7/2006 1:38:14 PM , Rating: 2
It's just part of the continuing implosion of AOL. I'm sure there will be more news of the same type about AOL soon.


RE: I hope this sinks AOL
By EarthsDM on 8/7/2006 2:06:59 PM , Rating: 3
Lawsuits can't kill AOL. That's like trying to kill the undead with unholy water. AOL will not die, CAN not die, until it is decapitated, its mouth stuffed with holy wafers, and buried under a crossroads.


awesome
By Andrevas on 8/7/2006 4:07:59 PM , Rating: 2
650k people will recieve mass amounts of gay porn spam by the end of the day




RE: awesome
By Chalmus on 8/7/2006 5:06:53 PM , Rating: 2
User 2708 in text file #2 seems to have had a pretty rough break-up with her man.

If I were a dude that just broke up with someone living in New Hampshire, I might want to try and figure out if the woman doing all the searching was the woman I just dumped. Cuz' he has a whole trainload of hurt coming -- "how to ruin someone's credit" "how to report someone to child services" "how to destroy a hard drive permanantely" "free gay porn via email"

Man, good stuff.


RE: awesome
By lemonadesoda on 8/7/2006 6:08:52 PM , Rating: 2
It's amazing how vengeful some people can be. And this isn't meant to be a sexist comment. But you can apply some obvious generalisations if you wish ;-)


Lots of useful data
By Lifted on 8/7/2006 5:00:33 PM , Rating: 2
This has killed my day, but it's just too much fun searching these records.

On to the "useful" data...

The first thing I've come to realize is that porn sites should have links for escorts on them, as the number of people who search for porn and come back and search for escorts is just amazing.

I'm looking for other patterns to base queries on (i imported it all to a SQL db), so if anyone has any suggestions, please post them. Perhaps 'ford mustang' and 'penis enlargement' might return a few hits. ;)





RE: Lots of useful data
By nerdye on 8/8/2006 12:57:13 AM , Rating: 2
Ohh Man, that was a great post, hahaha!!!


Random assortment of searches
By Brandon Hill (blog) on 8/7/2006 8:40:12 PM , Rating: 2
By mindless1 on 8/8/2006 4:19:20 PM , Rating: 2
Hilarious! (and sad)

[Q]User 2252555 - "i need a break"
Bit shocking this one. Again these searches happened over a period of a couple of months. In chronological order, but don't necessarily read anything into it.

- im so tired of being a wife and mom
- why do stay at home mothers get no respect
- when will i get the nerve to leave my husband
- why are housewives treated like maids
- capital murder vs 1st degree murder
- cigarette burn to the eye
- why does my child hurt small animals
- kitten foaming at mouth with blood in it
[/Q]


what were they thinking?
By Schadenfroh on 8/7/2006 11:43:19 AM , Rating: 1
This is a bright move, even for AOL. Hmm, lets see what we have here......


Damn...... I never knew my prof. was into that kind of stuff.... ewwwww




RE: what were they thinking?
By Schadenfroh on 8/7/2006 11:46:24 AM , Rating: 2
Looks like I will have a 4.0 GPA this fall.


By Bladen on 8/7/2006 11:43:18 AM , Rating: 2
The Internet is for porn, after all.




Wow...
By R Nilla on 8/7/2006 11:43:46 AM , Rating: 2
This is simply outrageous. What were they thinking, seriously? They really jumped the gun on this one.




Commercials
By microAmp on 8/7/2006 12:01:11 PM , Rating: 2
So much for all those security commercials they ran in the past few months. :)




Oh noes!
By Griswold on 8/7/2006 1:38:51 PM , Rating: 2
Duck and cover! Incoming lawsuits!




i say law suites will fly
By Esquire on 8/7/2006 2:13:34 PM , Rating: 2
we'll see




Help please
By rocchioo on 8/7/2006 5:12:22 PM , Rating: 2
What's a good way to view the file and be able to search? I tried wordpad, but the search function doesn't work since my CPU is gouing crazy from such a large file. Thanks.




.
By bbomb on 8/8/2006 11:15:13 PM , Rating: 2
Didnt AOL just post a profit for the first time in forever? Well I guess they can kiss that goodbye as the one and only time they ever will.




"Well, there may be a reason why they call them 'Mac' trucks! Windows machines will not be trucks." -- Microsoft CEO Steve Ballmer

Related Articles
Setting AOL Free
August 3, 2006, 4:56 AM













botimage
Copyright 2014 DailyTech LLC. - RSS Feed | Advertise | About Us | Ethics | FAQ | Terms, Conditions & Privacy Information | Kristopher Kubicki